Setup a proxy server with Raspberry PI, Raspberry PI OS Lite and Squid

Posted on 29th September 201915th September 2020 by peppe8o

Last updated on September 15th, 2020

What Are Proxy Servers And Why Use Them

Following Wikipedia description, “a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity“. A descriptive picture is also showed in the same page:

Squid is the most popular open source package to create a proxy in your self hosted linux server to reduce home network traffic and improve response time. It can be also used in chain with Privoxy to add network security.

Proxy server are useful in many contexts:

in Office context: to control internet traffic by blocking some websites or some keywords, to manage contact with external internet from a single point or to optimize internet bandwidth usage by caching pages at proxy level
in Home context: for example to control family internet access to block dangerous websites for childrens
in Personal use context: for example to use an anonymous connection or to bypass network ISP blocks

Once setup, proxy server can be configured in client machines both at web browser level (so that only the browser will use proxy) or at system level (in this case, all browsers and terminal commands will use proxy).

In this tutorial we are going to setup a proxy server with Raspberry Pi Zero W, but this procedure applies also to newer Raspberry Pi models.

What We Need

As usual, I suggest adding from now to your favourite e-commerce shopping cart all the needed hardware, so that at the end you will be able to evaluate overall costs and decide if continue with the project or remove them from the shopping cart. So, hardware will be only:

Raspberry Pi Zero W (including proper power supply or using a smartphone micro usb charger with at least 3A)
micro SD card (at least 16 GB, at least class 10)

Check hardware prices with following links:

Step-By-Step Procedure

Following picture summarizes the procedure:

In this guide we are going to use default Raspberry PI OS Lite as OS. Then we’ll install Squid (the most popular open source Proxy) and configure it.

I’ll configure Squid to manage access for all clients on a 192.168.1.0/24 private network to internet. You will need to modify this network depending on your needs and networking configurations.

Install OS And Squid

First thing, start from a fresh Raspberry PI OS Lite installation.

Make sure you OS is updated. From command line:

sudo apt update
sudo apt upgrade

Simply install Squid by using Raspberry PI OS repository with following command:

sudo apt install squid

At installation end, check that squid service is active:

sudo systemctl status squid.service

and you should see the following:

● squid.service – Squid Web Proxy Server
Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2019-09-29 11:46:06 BST; 1min 39s ago
Docs: man:squid(8)
Main PID: 5481 (squid)
Memory: 11.9M
CGroup: /system.slice/squid.service
├─5481 /usr/sbin/squid -sYC
├─5483 (squid-1) –kid squid-1 -sYC
├─5486 (logfile-daemon) /var/log/squid/access.log
└─5500 (pinger)

Configure Squid

Squid file and locations you should be aware of are:

Squid configuration file: /etc/squid/squid.conf
Squid Access log: /var/log/squid/access.log
Squid Cache log: /var/log/squid/cache.log

Edit config file, creating a copy:

sudo mv /etc/squid/squid.conf /etc/squid/squid.conf.backup
sudo nano /etc/squid/squid.conf

in this file I’ll leave the default port used from clients to use proxy. If you want to change it, identify and edit the following line:

http_port 3128

to restrict networks allowed to use squid proxy, I will comment all lines starting with “acl localnet src” just by adding an ashtag (#) at the start of line. I’m going to allow my network by typing the following configuration line:

acl localnet src 192.168.1.0/24

Finally identify default rule which is blocking http access:

http_access deny all

and change it to:

http_access allow all

to start using your Squid proxy server.

Close and save the file. Restart Squid service:

sudo systemctl restart squid.service

Configure Your Client To Use Proxy Server

Now you need to configure you client to use proxy server for internet connections. You have to check this depending on your client OS. For example, on Windows clients you should go on Settings -> Network & Internet -> Proxy. Move On “Use a proxy server” switch and insert your Raspberry PI IP address in address field and 3128 in port field.

Close and open again your browser. Now you are using your Squid proxy.

For more info and advanced settings, please refer to Squid official documentation.

Enjoy!

4 thoughts on “Setup a proxy server with Raspberry PI, Raspberry PI OS Lite and Squid”

Dave says:

22nd June 2020 at 4:23 am

Thanks for the guide for Squid on to the Rpi, I have installed it on my rpi4,
Do you have a guide for turning the Squid cache into transparent cache.

Thank you,

1. peppe8o says:
  
  23rd June 2020 at 9:45 am
  
  Hi Dave,
  from my searches with google, it appears that transparent mode can be enbled just by setting “http_port 3128 transparent” in your squid.conf
  
Xeonic says:

4th April 2021 at 7:55 am

How does one set a Password for the http Proxy?

1. peppe8o says:
  
  4th April 2021 at 11:46 am
  
  A good tutorial on adding authentication is available from https://gist.github.com/jackblk/fdac4c744ddf2a0533278a38888f3caf.
  Still not tried, but I will in near future. Please let me know if it works